← Back

Jboss Application Server

jboss_application_server

Vendor: Redhat • 5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2012-1094
1Redhat
1Jboss Application Server
Nov 21, 2024
Mar 10, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed.
CVE-2012-2312
1Redhat
2Jboss Application Server
Jboss Enterprise Application Platform
Nov 21, 2024
Dec 18, 2019
N/A· v4
7.8 HIGH· v3
4.6 MEDIUM· v2
An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security contex...Show more
An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges.Show less
CVE-2011-3609
1Redhat
1Jboss Application Server
Nov 21, 2024
Nov 26, 2019
N/A· v4
6.5 MEDIUM· v3
4.3 MEDIUM· v2
A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag)...Show more
A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker.Show less
CVE-2011-3606
1Redhat
1Jboss Application Server
Nov 21, 2024
Nov 26, 2019
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user...Show more
A DOM based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick the valid JBoss AS user, with the administrator privilege, to visit it, which would lead into the DOM environment modification and arbitrary HTML or web script execution.Show less
CVE-2013-3734
1Redhat
1Jboss Application Server
May 13, 2026
Oct 24, 2017
N/A· v4
6.6 MEDIUM· v3
6.0 MEDIUM· v2
The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by lever...Show more
The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle attackers to obtain sensitive information by leveraging failure to use SSL or (2) attackers to obtain sensitive information by reading the HTML source code. NOTE: the vendor says that this does not cross a trust boundary and that it is recommended best-practice that SSL is configured for the administrative consoleShow less